Canonical: Security Vulnerabilities, CVEs, Published In 2015 (Bypass)
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
Max CVSS: 5.0; EPSS Score: 0.55%; Published: 2015-05-19; Updated: 2017-11-04
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Max CVSS: 5.0; EPSS Score: 0.55%; Published: 2015-04-24; Updated: 2018-10-30
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
Max CVSS: 6.8; EPSS Score: 0.15%; Published: 2015-07-01; Updated: 2017-09-22
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Max CVSS: 4.3; EPSS Score: 0.32%; Published: 2015-04-13; Updated: 2017-01-03
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
Max CVSS: 2.6; EPSS Score: 0.39%; Published: 2015-02-25; Updated: 2018-10-30
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2015-01-16; Updated: 2023-08-03
6 vulnerabilities found